Telecommunications signaling networks, like most computer networks, have certain attack vulnerabilities. For example, in a mobile communications network, if an attacker gains access to subscriber information maintained by a home location register (HLR) or a home subscriber server (HSS), the attacker can use the information to eavesdrop on text messages and voice conversations involving the subscriber. Accordingly, it is desirable to protect subscriber information maintained by an HLR or HSS.
Protecting subscriber information maintained by an HLR or HSS can be difficult because subscriber information is transmitted over the network in response to location update procedures and there is no authentication or verification of the initiator of such procedures. For example, when a UE attaches to a network, the attachment point (the mobile switching center/visitor location register (MSC/VLR) in SS7 networks or the mobility management entity (MME) in Diameter networks) sends messaging to the HLR or HSS to update the location of the UE with the HLR or HSS. The HLR or HSS responds with subscription information concerning the subscriber. It is the subscription information that could possibly be used to eavesdrop or otherwise affect communications to and from the UE.
If an attacker masquerades as a valid network element serving the UE but is instead acting as an interception point for subscription information, the attacker can use the update location procedure to obtain the subscription information. For example, the attacker can send a fake update location message to the HLR or HSS network of the subscriber. The HLR or HSS may respond to the attacker with subscription information for the subscriber as if the attacker is a valid MSC/VLR or MME where the UE is currently registered. The subscription information is transmitted to the attacker in a location update response message. Once the attacker has the subscription information, the attacker can eavesdrop on communications involving the subscriber.
Credit card companies have used location information from mobile communications networks to validate credit card transactions. For example, a credit card company or an issuing bank can use location information from mobile communications networks to verify that the location of a credit card transaction corresponds to a location of the user. If the two locations do not match, the credit card company may request transaction verification from the subscriber. However, while such verification protects against fraudulent credit card purchase transactions, location update transactions in the underlying mobile communications network are not policed or otherwise affected.
Accordingly, there exists a need for methods, systems, and computer readable media for validating user equipment location.